Shadow investigation spreads to Big Easy with botnet arrest

Botnet creators may pride themselves on operating from the shadows, but the …

About two weeks ago, the Dutch High Tech Crime Unit released news of its successful botnet sting in late July. Now, we're starting to see American law enforcement file related charges, as investigators crack down on both sides of the Atlantic. The Department of Justice reports that a New Orleans grand jury has formally indicted Brazilian Leni de Abreu Neto on a charge of conspiracy to cause damage to computers worldwide. Counting the two native Dutch brothers, a total of three people have been arrested thus far.

The Dutch man, 19-year-old Nordin Nasiri, has not yet been indicted, but Dutch prosecutors are interviewing him, presumably with the intent to file charges. As for Neto, he was picked up in the Netherlands, and will be transferred to the US pending the results of an extradition hearing.

Back when the Shadow story first broke, it wasn't immediately clear whether the investigation had been a Dutch operation or if the FBI had cooperated; several stories mentioned that the FBI had assisted but provided no details. The DoJ's statement confirms that this was a joint investigation between the Cyber Squad of the FBI's New Orleans field office, the Dutch High Tech Crime Unit, and the Cyber Section of the Brazilian Federal Police. It's not clear which of these agencies launched the initial investigation, but it appears that Shadow's cover was blown when Nasiri contacted Neto to broker the sale of his botnet. Shadow, incidentally, never sold—Neto's asking price of €25,000 was higher than market value for what amounted to an ordinary malware distribution system.

The authorities' campaign to shut down Shadow is the latest in a number of successful international security investigations. In the future, this type of cooperation may become the rule as police around the world link up to crack down on fraudulent operations. Botnets are, by their very nature, international organizations; a mainland Chinese company could hire an American-owned botnet with space on the Russian Business Network to launch spam attacks against a Taiwanese competitor. Investigating such a situation is far easier when the relevant authorities work together, and a string of successful security operations could begin moving governments in that direction.